Project

General

Profile

Issue #3063

ESP Packets not decrypted

Added by Jeremy GERVAIS over 1 year ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Category:
interoperability
Affected version:
5.5.1
Resolution:
No feedback

Description

Information
Local Peer
IP Address : A.A.A.A
System : Debian 9.8 x86_64
Kernel : 4.9.0-8-amd64
StrongSwan : 5.5.1
malloc: sbrk 2560000, mmap 0, used 879952, free 1680048
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 41
loaded plugins: charon aesni aes rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Remote Peer
IP Address : B.B.B.B
System : Check Point R77.3O

Description
When my peer Strongswan initiate the tunnel, the ESP flow reveived seems not to be decrypted.

Strongswan config

config setup
        uniqueids=no
        strictcrlpolicy=no

config setup
        uniqueids=no
        strictcrlpolicy=no

conn partner
        authby=secret
        left=A.A.A.A
        leftid=A.A.A.A
        leftsubnet=10.143.144.0/26
        right=B.B.B.B
        rightsubnet=172.22.203.0/24
        ike=aes256-sha256-modp2048!
        esp=aes256-sha256!
        keyexchange=ikev2
        keyingtries=0
#        ikelifetime=24h
        ikelifetime=3h
        lifetime=1h
        rekey=no
#        dpddelay=30
#        dpdtimeout=120
#        dpdaction=restart
        auto=add

conn partner-sa2
        also=partner
        leftsubnet=10.143.152.0/24

Init VPN

$ sudo ipsec up partner
initiating IKE_SA partner[271] to B.B.B.B
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from A.A.A.A[500] to B.B.B.B[500] (464 bytes)
received packet: from B.B.B.B[500] to A.A.A.A[500] (428 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(CHDLESS_SUP) ]
authentication of 'A.A.A.A' (myself) with pre-shared key
establishing CHILD_SA partner
generating IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(EAP_ONLY) ]
sending packet: from A.A.A.A[4500] to B.B.B.B[4500] (352 bytes)
received packet: from B.B.B.B[4500] to A.A.A.A[4500] (272 bytes)
parsed IKE_AUTH response 1 [ IDr AUTH N(CRASH_DET) SA TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
authentication of 'B.B.B.B' with pre-shared key successful
IKE_SA partner[271] established between A.A.A.A[A.A.A.A]...B.B.B.B[B.B.B.B]
received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
CHILD_SA partner{3945} established with SPIs c2151128_i 11b5456a_o and TS 10.143.144.0/26 === 172.22.203.0/24
connection 'partner' established successfully

$ sudo ipsec up partner-sa2
establishing CHILD_SA partner-sa2
generating CREATE_CHILD_SA request 2 [ SA No TSi TSr ]
sending packet: from A.A.A.A[4500] to B.B.B.B[4500] (208 bytes)
received packet: from B.B.B.B[4500] to A.A.A.A[4500] (208 bytes)
parsed CREATE_CHILD_SA response 2 [ SA No TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
CHILD_SA partner-sa2{3946} established with SPIs c9220e55_i e457a2da_o and TS 10.143.152.0/24 === 172.22.203.0/24
connection 'partner-sa2' established successfully

VPN status

$ sudo ipsec statusall partner 
Status of IKE charon daemon (strongSwan 5.5.1, Linux 4.9.0-8-amd64, x86_64):
  uptime: 7 days, since May 08 14:02:45 2019
  malloc: sbrk 2560000, mmap 0, used 948368, free 1611632
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 42
  loaded plugins: charon aesni aes rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Connections:
  partner:  A.A.A.A...B.B.B.B  IKEv2
  partner:   local:  [A.A.A.A] uses pre-shared key authentication
  partner:   remote: [B.B.B.B] uses pre-shared key authentication
  partner:   child:  10.143.144.0/26 === 172.22.203.0/24 TUNNEL
partner-sa2:   child:  10.143.152.0/24 === 172.22.203.0/24 TUNNEL
Security Associations (9 up, 1 connecting):
  partner[271]: ESTABLISHED 72 seconds ago, A.A.A.A[A.A.A.A]...B.B.B.B[B.B.B.B]
  partner[271]: IKEv2 SPIs: 1afb046ce6ee1fe4_i* 57cc05d0a346bfdd_r, rekeying disabled
  partner[271]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  partner{3945}:  INSTALLED, TUNNEL, reqid 229, ESP SPIs: c2151128_i 11b5456a_o
  partner{3945}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying disabled
  partner{3945}:   10.143.144.0/26 === 172.22.203.0/24

$ sudo ipsec statusall partner-sa2
Connections:
Security Associations (9 up, 1 connecting):
  partner[271]: ESTABLISHED 79 seconds ago, A.A.A.A[A.A.A.A]...B.B.B.B[B.B.B.B]
  partner[271]: IKEv2 SPIs: 1afb046ce6ee1fe4_i* 57cc05d0a346bfdd_r, rekeying disabled
  partner[271]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
partner-sa2{3946}:  INSTALLED, TUNNEL, reqid 230, ESP SPIs: c9220e55_i e457a2da_o
partner-sa2{3946}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 2460 bytes_o (41 pkts, 2s ago), rekeying disabled
partner-sa2{3946}:   10.143.152.0/24 === 172.22.203.0/24

IP Policy

src 172.22.203.0/24 dst 10.143.152.0/24 
    dir fwd priority 187712 ptype main 
    tmpl src B.B.B.B dst A.A.A.A
        proto esp reqid 230 mode tunnel
src 172.22.203.0/24 dst 10.143.152.0/24 
    dir in priority 187712 ptype main 
    tmpl src B.B.B.B dst A.A.A.A
        proto esp reqid 230 mode tunnel
src 10.143.152.0/24 dst 172.22.203.0/24 
    dir out priority 187712 ptype main 
    tmpl src A.A.A.A dst B.B.B.B
        proto esp reqid 230 mode tunnel
src 172.22.203.0/24 dst 10.143.144.0/26 
    dir fwd priority 187200 ptype main 
    tmpl src B.B.B.B dst A.A.A.A
        proto esp reqid 229 mode tunnel
src 172.22.203.0/24 dst 10.143.144.0/26 
    dir in priority 187200 ptype main 
    tmpl src B.B.B.B dst A.A.A.A
        proto esp reqid 229 mode tunnel
src 10.143.144.0/26 dst 172.22.203.0/24 
    dir out priority 187200 ptype main 
    tmpl src A.A.A.A dst B.B.B.B
        proto esp reqid 229 mode tunnel

IP State

src A.A.A.A dst B.B.B.B
    proto esp spi 0xe457a2da(3830948570) reqid 230(0x000000e6) mode tunnel
    replay-window 0 seq 0x00000000 flag af-unspec (0x00100000)
    auth-trunc hmac(sha256) 0x28b36266905b0d1862b74c4da0e35cbcce2763bb8c994bde0359fcf39dc8a02d (256 bits) 128
    enc cbc(aes) 0x58028584c2bf986db8fb70bbba0583e9992729fa012ea630bdfc24378acc85a1 (256 bits)
    anti-replay context seq 0x0, oseq 0x21, bitmap 0x00000000
    lifetime config
      limit soft (INF)(bytes), hard (INF)(bytes)
      limit soft (INF)(packets), hard (INF)(packets)
      expire add soft 0(sec), hard 0(sec)
      expire use soft 0(sec), hard 0(sec)
    lifetime current
      1980(bytes), 33(packets)
      add 2019-05-16 062019 use 2019-05-16 062031
    stats
      replay-window 0 replay 0 failed 0
src B.B.B.B dst A.A.A.A
    proto esp spi 0xc9220e55(3374452309) reqid 230(0x000000e6) mode tunnel
    replay-window 32 seq 0x00000000 flag af-unspec (0x00100000)
    auth-trunc hmac(sha256) 0x6c978013a2944453418a26c5a5e0b9a5bbae47558c34d109f7299747c5f392d3 (256 bits) 128
    enc cbc(aes) 0x60e52452e287a76fdd5a2a06c98f76651f1300720de0792ed463a58b6cc357bf (256 bits)
    anti-replay context seq 0x0, oseq 0x0, bitmap 0x00000000
    lifetime config
      limit soft (INF)(bytes), hard (INF)(bytes)
      limit soft (INF)(packets), hard (INF)(packets)
      expire add soft 0(sec), hard 0(sec)
      expire use soft 0(sec), hard 0(sec)
    lifetime current
      0(bytes), 0(packets)
      add 2019-05-16 062019 use -
    stats
      replay-window 0 replay 0 failed 0
src A.A.A.A dst B.B.B.B
    proto esp spi 0x11b5456a(297092458) reqid 229(0x000000e5) mode tunnel
    replay-window 0 seq 0x00000000 flag af-unspec (0x00100000)
    auth-trunc hmac(sha256) 0x23b9be0f45530bcb74c2c07cb3aaed47d81f793adf947131d41c035c49b12856 (256 bits) 128
    enc cbc(aes) 0x23407250f5915695b7dd8f17c09f1e662b4167613a0b8b22487ccc443586121d (256 bits)
    anti-replay context seq 0x0, oseq 0x0, bitmap 0x00000000
    lifetime config
      limit soft (INF)(bytes), hard (INF)(bytes)
      limit soft (INF)(packets), hard (INF)(packets)
      expire add soft 0(sec), hard 0(sec)
      expire use soft 0(sec), hard 0(sec)
    lifetime current
      0(bytes), 0(packets)
      add 2019-05-16 061959 use -
    stats
      replay-window 0 replay 0 failed 0
src B.B.B.B dst A.A.A.A
    proto esp spi 0xc2151128(3256160552) reqid 229(0x000000e5) mode tunnel
    replay-window 32 seq 0x00000000 flag af-unspec (0x00100000)
    auth-trunc hmac(sha256) 0xa94b621be34e1a7a5e3494f1f0c58dd13ef8a088f875201e807f092fdf098f2b (256 bits) 128
    enc cbc(aes) 0x2f230a47889f744c73e8f847a5ba0bd5f05a746e91771768d6fe8ee3d23a43fe (256 bits)
    anti-replay context seq 0x0, oseq 0x0, bitmap 0x00000000
    lifetime config
      limit soft (INF)(bytes), hard (INF)(bytes)
      limit soft (INF)(packets), hard (INF)(packets)
      expire add soft 0(sec), hard 0(sec)
      expire use soft 0(sec), hard 0(sec)
    lifetime current
      0(bytes), 0(packets)
      add 2019-05-16 061959 use -
    stats
      replay-window 0 replay 0 failed 0

Strongswan logs

May 16 06:19:59 16[IKE] <partner|271> initiating IKE_SA partner[271] to B.B.B.B
May 16 06:19:59 16[IKE] <partner|271> IKE_SA partner[271] state change: CREATED => CONNECTING
May 16 06:19:59 16[CFG] <partner|271> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
May 16 06:19:59 12[IKE] <partner|271> received CHILDLESS_IKEV2_SUPPORTED notify
May 16 06:19:59 12[CFG] <partner|271> selecting proposal:
May 16 06:19:59 12[CFG] <partner|271>   proposal matches
May 16 06:19:59 12[CFG] <partner|271> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
May 16 06:19:59 12[CFG] <partner|271> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
May 16 06:19:59 12[CFG] <partner|271> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
May 16 06:19:59 12[IKE] <partner|271> reinitiating already active tasks
May 16 06:19:59 12[IKE] <partner|271>   IKE_CERT_PRE task
May 16 06:19:59 12[IKE] <partner|271>   IKE_AUTH task
May 16 06:19:59 12[IKE] <partner|271> authentication of 'A.A.A.A' (myself) with pre-shared key
May 16 06:19:59 12[IKE] <partner|271> successfully created shared key MAC
May 16 06:19:59 12[IKE] <partner|271> establishing CHILD_SA partner
May 16 06:19:59 12[CFG] <partner|271> proposing traffic selectors for us:
May 16 06:19:59 12[CFG] <partner|271>  10.143.144.0/26
May 16 06:19:59 12[CFG] <partner|271> proposing traffic selectors for other:
May 16 06:19:59 12[CFG] <partner|271>  172.22.203.0/24
May 16 06:19:59 12[CFG] <partner|271> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
May 16 06:19:59 11[IKE] <partner|271> received QUICK_CRASH_DETECTION notify
May 16 06:19:59 11[IKE] <partner|271> received ESP_TFC_PADDING_NOT_SUPPORTED notify
May 16 06:19:59 11[IKE] <partner|271> received NON_FIRST_FRAGMENTS_ALSO notify
May 16 06:19:59 11[IKE] <partner|271> authentication of 'B.B.B.B' with pre-shared key successful
May 16 06:19:59 11[IKE] <partner|271> IKE_SA partner[271] established between A.A.A.A[A.A.A.A]...B.B.B.B[B.B.B.B]
May 16 06:19:59 11[IKE] <partner|271> IKE_SA partner[271] state change: CONNECTING => ESTABLISHED
May 16 06:19:59 11[IKE] <partner|271> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
May 16 06:19:59 11[CFG] <partner|271> selecting proposal:
May 16 06:19:59 11[CFG] <partner|271>   proposal matches
May 16 06:19:59 11[CFG] <partner|271> received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
May 16 06:19:59 11[CFG] <partner|271> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
May 16 06:19:59 11[CFG] <partner|271> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
May 16 06:19:59 11[CFG] <partner|271> selecting traffic selectors for us:
May 16 06:19:59 11[CFG] <partner|271>  config: 10.143.144.0/26, received: 10.143.144.0/26 => match: 10.143.144.0/26
May 16 06:19:59 11[CFG] <partner|271> selecting traffic selectors for other:
May 16 06:19:59 11[CFG] <partner|271>  config: 172.22.203.0/24, received: 172.22.203.0/24 => match: 172.22.203.0/24
May 16 06:19:59 11[CHD] <partner|271>   using AES_CBC for encryption
May 16 06:19:59 11[CHD] <partner|271>   using HMAC_SHA2_256_128 for integrity
May 16 06:19:59 11[CHD] <partner|271> adding inbound ESP SA
May 16 06:19:59 11[CHD] <partner|271>   SPI 0xc2151128, src B.B.B.B dst A.A.A.A
May 16 06:19:59 11[CHD] <partner|271> adding outbound ESP SA
May 16 06:19:59 11[CHD] <partner|271>   SPI 0x11b5456a, src A.A.A.A dst B.B.B.B
May 16 06:19:59 11[IKE] <partner|271> CHILD_SA partner{3945} established with SPIs c2151128_i 11b5456a_o and TS 10.143.144.0/26 === 172.22.203.0/24
May 16 06:19:59 11[IKE] <partner|271> activating new tasks
May 16 06:19:59 11[IKE] <partner|271> nothing to initiate
May 16 06:20:19 07[IKE] <partner|271> queueing CHILD_CREATE task
May 16 06:20:19 07[IKE] <partner|271> activating new tasks
May 16 06:20:19 07[IKE] <partner|271>   activating CHILD_CREATE task
May 16 06:20:19 07[IKE] <partner|271> establishing CHILD_SA partner-sa2
May 16 06:20:19 07[CFG] <partner|271> proposing traffic selectors for us:
May 16 06:20:19 07[CFG] <partner|271>  10.143.152.0/24
May 16 06:20:19 07[CFG] <partner|271> proposing traffic selectors for other:
May 16 06:20:19 07[CFG] <partner|271>  172.22.203.0/24
May 16 06:20:19 07[CFG] <partner|271> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
May 16 06:20:19 14[IKE] <partner|271> received ESP_TFC_PADDING_NOT_SUPPORTED notify
May 16 06:20:19 14[IKE] <partner|271> received NON_FIRST_FRAGMENTS_ALSO notify
May 16 06:20:19 14[IKE] <partner|271> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
May 16 06:20:19 14[CFG] <partner|271> selecting proposal:
May 16 06:20:19 14[CFG] <partner|271>   proposal matches
May 16 06:20:19 14[CFG] <partner|271> received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
May 16 06:20:19 14[CFG] <partner|271> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
May 16 06:20:19 14[CFG] <partner|271> selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
May 16 06:20:19 14[CFG] <partner|271> selecting traffic selectors for us:
May 16 06:20:19 14[CFG] <partner|271>  config: 10.143.152.0/24, received: 10.143.152.0/24 => match: 10.143.152.0/24
May 16 06:20:19 14[CFG] <partner|271> selecting traffic selectors for other:
May 16 06:20:19 14[CFG] <partner|271>  config: 172.22.203.0/24, received: 172.22.203.0/24 => match: 172.22.203.0/24
May 16 06:20:19 14[CHD] <partner|271>   using AES_CBC for encryption
May 16 06:20:19 14[CHD] <partner|271>   using HMAC_SHA2_256_128 for integrity
May 16 06:20:19 14[CHD] <partner|271> adding inbound ESP SA
May 16 06:20:19 14[CHD] <partner|271>   SPI 0xc9220e55, src B.B.B.B dst A.A.A.A
May 16 06:20:19 14[CHD] <partner|271> adding outbound ESP SA
May 16 06:20:19 14[CHD] <partner|271>   SPI 0xe457a2da, src A.A.A.A dst B.B.B.B
May 16 06:20:19 14[IKE] <partner|271> CHILD_SA partner-sa2{3946} established with SPIs c9220e55_i e457a2da_o and TS 10.143.152.0/24 === 172.22.203.0/24
May 16 06:20:19 14[IKE] <partner|271> activating new tasks
May 16 06:20:19 14[IKE] <partner|271> nothing to initiate

Sniffer

06:21:31.380702 IP 10.143.152.3.53950 > 172.22.203.210.9348: Flags [S], seq 203569522, win 29200, options [mss 1460,sackOK,TS val 3104716597 ecr 0,nop,wscale 7], length 0
06:21:31.380836 IP A.A.A.A > B.B.B.B: ESP(spi=0xe457a2da,seq=0x33), length 104
06:21:31.390539 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x7d), length 104
06:21:31.679463 IP 10.143.152.3.53952 > 172.22.203.210.9348: Flags [S], seq 2542727828, win 29200, options [mss 1460,sackOK,TS val 3104716895 ecr 0,nop,wscale 7], length 0
06:21:31.679550 IP A.A.A.A > B.B.B.B: ESP(spi=0xe457a2da,seq=0x34), length 104
06:21:31.689203 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x7e), length 104
06:21:31.942517 IP 10.143.152.3.53954 > 172.22.203.210.9348: Flags [S], seq 1566401462, win 29200, options [mss 1460,sackOK,TS val 3104717159 ecr 0,nop,wscale 7], length 0
06:21:31.942617 IP A.A.A.A > B.B.B.B: ESP(spi=0xe457a2da,seq=0x35), length 104
06:21:31.952151 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x7f), length 104
06:21:32.025067 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x80), length 104
06:21:32.025088 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x81), length 104
06:21:32.030924 IP 10.143.152.6.59270 > 172.22.203.210.10631: Flags [S], seq 834197392, win 29200, options [mss 1460,sackOK,TS val 3106066331 ecr 0,nop,wscale 7], length 0
06:21:32.030980 IP A.A.A.A > B.B.B.B: ESP(spi=0xe457a2da,seq=0x36), length 104
06:21:32.040649 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x82), length 104
06:21:32.259078 IP 10.143.152.3.53956 > 172.22.203.210.9348: Flags [S], seq 153985492, win 29200, options [mss 1460,sackOK,TS val 3104717475 ecr 0,nop,wscale 7], length 0
06:21:32.259125 IP A.A.A.A > B.B.B.B: ESP(spi=0xe457a2da,seq=0x37), length 104
06:21:32.268698 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x83), length 104
06:21:32.497540 IP 10.143.152.3.53958 > 172.22.203.210.9348: Flags [S], seq 1702345812, win 29200, options [mss 1460,sackOK,TS val 3104717714 ecr 0,nop,wscale 7], length 0
06:21:32.497578 IP A.A.A.A > B.B.B.B: ESP(spi=0xe457a2da,seq=0x38), length 104
06:21:32.507170 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x84), length 104
06:21:33.031497 IP 10.143.152.6.59270 > 172.22.203.210.10631: Flags [S], seq 834197392, win 29200, options [mss 1460,sackOK,TS val 3106067332 ecr 0,nop,wscale 7], length 0
06:21:33.031566 IP A.A.A.A > B.B.B.B: ESP(spi=0xe457a2da,seq=0x39), length 104
06:21:33.040793 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x85), length 104
06:21:33.215368 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x86), length 104
06:21:33.425467 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x87), length 104
06:21:33.625332 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x88), length 104
06:21:34.225167 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x89), length 104
06:21:35.025813 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x8a), length 104
06:21:35.034770 IP 10.143.152.6.59272 > 172.22.203.210.10631: Flags [S], seq 1227022880, win 29200, options [mss 1460,sackOK,TS val 3106069335 ecr 0,nop,wscale 7], length 0
06:21:35.034827 IP A.A.A.A > B.B.B.B: ESP(spi=0xe457a2da,seq=0x3a), length 104
06:21:35.044721 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x8b), length 104
06:21:35.215223 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x8c), length 104
06:21:35.425636 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x8d), length 104
06:21:35.625605 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x8e), length 104
06:21:35.625652 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x8f), length 104
06:21:35.825444 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x90), length 104
06:21:36.026487 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x91), length 104
06:21:36.026513 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x92), length 104
06:21:36.026517 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x93), length 104
06:21:36.035444 IP 10.143.152.6.59272 > 172.22.203.210.10631: Flags [S], seq 1227022880, win 29200, options [mss 1460,sackOK,TS val 3106070336 ecr 0,nop,wscale 7], length 0
06:21:36.035486 IP A.A.A.A > B.B.B.B: ESP(spi=0xe457a2da,seq=0x3b), length 104
06:21:36.044557 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x94), length 104
06:21:36.615297 IP B.B.B.B.4500 > A.A.A.A.4500: UDP-encap: ESP(spi=0xc9220e55,seq=0x95), length 104

When I generate a flow from a server,
we can see the ESP packet send to the remote and return to our peer, SPI match well but the counter is still at 0.
Packets are not descrypted.

The same problem appear during the rekeying step (we disabled it currently on the exemple above).

Strongswan debug

May  9 13:50:21 05[IKE] <partner|10> initiator did not reauthenticate as requested
May  9 13:50:21 05[IKE] <partner|10> reauthenticating IKE_SA partner[10] actively
May  9 13:50:21 05[IKE] <partner|10> deleting IKE_SA partner[10] between A.A.A.A[A.A.A.A]...B.B.B.B[B.B.B.B]
May  9 13:50:21 05[IKE] <partner|10> sending DELETE for IKE_SA partner[10]
May  9 13:50:21 05[ENC] <partner|10> generating INFORMATIONAL request 120 [ D ]
May  9 13:50:21 05[NET] <partner|10> sending packet: from A.A.A.A[500] to B.B.B.B[500] (80 bytes)
May  9 13:50:21 16[NET] <partner|10> received packet: from B.B.B.B[500] to A.A.A.A[500] (80 bytes)
May  9 13:50:21 16[ENC] <partner|10> parsed INFORMATIONAL response 120 [ ]
May  9 13:50:21 16[IKE] <partner|10> IKE_SA deleted
May  9 13:50:21 16[IKE] <partner|10> restarting CHILD_SA partner
May  9 13:50:21 16[IKE] <partner|10> initiating IKE_SA partner[35] to B.B.B.B
May  9 13:50:21 16[ENC] <partner|10> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
May  9 13:50:21 16[NET] <partner|10> sending packet: from A.A.A.A[500] to B.B.B.B[500] (464 bytes)
May  9 13:50:21 16[IKE] <partner|10> restarting CHILD_SA partner-sa2
May  9 13:50:21 14[NET] <partner|35> received packet: from B.B.B.B[500] to A.A.A.A[500] (428 bytes)
May  9 13:50:21 14[ENC] <partner|35> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(CHDLESS_SUP) ]
May  9 13:50:21 14[IKE] <partner|35> authentication of 'A.A.A.A' (myself) with pre-shared key
May  9 13:50:21 14[IKE] <partner|35> establishing CHILD_SA partner{24}
May  9 13:50:21 14[ENC] <partner|35> generating IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(EAP_ONLY) ]
May  9 13:50:21 14[NET] <partner|35> sending packet: from A.A.A.A[4500] to B.B.B.B[4500] (352 bytes)
May  9 13:50:21 07[NET] <partner|35> received packet: from B.B.B.B[4500] to A.A.A.A[4500] (272 bytes)
May  9 13:50:21 07[ENC] <partner|35> parsed IKE_AUTH response 1 [ IDr AUTH N(CRASH_DET) SA TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
May  9 13:50:21 07[IKE] <partner|35> authentication of 'B.B.B.B' with pre-shared key successful
May  9 13:50:21 07[IKE] <partner|35> IKE_SA partner[35] established between A.A.A.A[A.A.A.A]...B.B.B.B[B.B.B.B]
May  9 13:50:21 07[IKE] <partner|35> scheduling reauthentication in 85796s
May  9 13:50:21 07[IKE] <partner|35> maximum IKE_SA lifetime 86336s
May  9 13:50:21 07[IKE] <partner|35> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
May  9 13:50:21 07[IKE] <partner|35> CHILD_SA partner{488} established with SPIs c729fbc7_i 2f014628_o and TS 10.143.144.0/26 === 172.22.203.0/24
May  9 13:50:21 07[IKE] <partner|35> establishing CHILD_SA partner-sa2{16}
May  9 13:50:21 07[ENC] <partner|35> generating CREATE_CHILD_SA request 2 [ SA No TSi TSr ]
May  9 13:50:21 07[NET] <partner|35> sending packet: from A.A.A.A[4500] to B.B.B.B[4500] (208 bytes)
May  9 13:50:21 08[NET] <partner|35> received packet: from B.B.B.B[4500] to A.A.A.A[4500] (208 bytes)
May  9 13:50:21 08[ENC] <partner|35> parsed CREATE_CHILD_SA response 2 [ SA No TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
May  9 13:50:21 08[IKE] <partner|35> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
May  9 13:50:21 08[IKE] <partner|35> CHILD_SA partner-sa2{489} established with SPIs ca1fa21a_i cc5c6004_o and TS 10.143.152.0/24 === 172.22.203.0/24
May  9 13:50:21 15[NET] <partner|35> received packet: from B.B.B.B[4500] to A.A.A.A[4500] (208 bytes)
May  9 13:50:21 15[ENC] <partner|35> parsed CREATE_CHILD_SA request 0 [ SA No TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
May  9 13:50:21 15[IKE] <partner|35> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
May  9 13:50:21 15[IKE] <partner|35> CHILD_SA partner-sa2{490} established with SPIs cb784b82_i d25057b9_o and TS 10.143.152.0/24 === 172.22.203.0/24
May  9 13:50:21 15[ENC] <partner|35> generating CREATE_CHILD_SA response 0 [ SA No TSi TSr ]
May  9 13:50:21 15[NET] <partner|35> sending packet: from A.A.A.A[4500] to B.B.B.B[4500] (208 bytes)

By default, Check Point doesn't enable IKEv2 rekeying ?

May  9 13:50:21 05[IKE] <partner|10> initiator did not reauthenticate as requested
May  9 13:50:21 05[IKE] <partner|10> reauthenticating IKE_SA partner[10] actively
May  9 13:50:21 05[IKE] <partner|10> deleting IKE_SA partner[10] between A.A.A.A[A.A.A.A]...B.B.B.B[B.B.B.B]
May  9 13:50:21 05[IKE] <partner|10> sending DELETE for IKE_SA partner[10]

With rekey=non, Check Point never initiate the rekeying phase. When rekeying is disabled in our side, Check Point seems to go the end of the lifetime and initiate the reauth phase.
See the attached file (full debug enabled). We're still waiting the answer of Check Point.

Thanks.

strongswan_debug_20190515.txt (68 KB) strongswan_debug_20190515.txt Reauth phase by Check Point without rekeying phase Jeremy GERVAIS, 16.05.2019 11:51

History

#1 Updated by Tobias Brunner over 1 year ago

  • Status changed from New to Feedback

When my peer Strongswan initiate the tunnel, the ESP flow reveived seems not to be decrypted.

Does that imply that it works if the other end initiates the tunnel?

When I generate a flow from a server,
we can see the ESP packet send to the remote and return to our peer, SPI match well but the counter is still at 0.
Packets are not descrypted.

They won't because they are UDP-encapsulated (refer to the tcpdump output), even though no NAT was detected and, therefore, strongSwan didn't configure UDP-encapsulation on the SAs. Do you have the log of the other peer? Does it detect a NAT? If not, it shouldn't use UDP-encap. On the other hand, the Linux kernel should technically accept the packets even if the inbound SA is not configured for UDP-encap, so far no version of the kernel does, though.

A workaround could be to force UDP encapsulation via forceencaps=yes. But if there is no NAT this adds an unnecessary overhead of 8 bytes per packet.

By default, Check Point doesn't enable IKEv2 rekeying ?

Rekeying and reauthentication are not the same thing in IKEv2, see ExpiryRekey. You might want to disable the latter via reauth=no.

#2 Updated by Jeremy GERVAIS over 1 year ago

Tobias Brunner wrote:

When my peer Strongswan initiate the tunnel, the ESP flow reveived seems not to be decrypted.

Does that imply that it works if the other end initiates the tunnel?

Right, it works when the remote peer initiates the tunnel.

When I generate a flow from a server,
we can see the ESP packet send to the remote and return to our peer, SPI match well but the counter is still at 0.
Packets are not descrypted.

They won't because they are UDP-encapsulated (refer to the tcpdump output), even though no NAT was detected and, therefore, strongSwan didn't configure UDP-encapsulation on the SAs. Do you have the log of the other peer? Does it detect a NAT? If not, it shouldn't use UDP-encap. On the other hand, the Linux kernel should technically accept the packets even if the inbound SA is not configured for UDP-encap, so far no version of the kernel does, though.

A workaround could be to force UDP encapsulation via forceencaps=yes. But if there is no NAT this adds an unnecessary overhead of 8 bytes per packet.

With the option forceencaps=yes, the tunnel seems ok when our peer init it. I will check if the tunnel is still ok during many init.
I asked them for the log. Waiting for their reply.

By default, Check Point doesn't enable IKEv2 rekeying ?

Rekeying and reauthentication are not the same thing in IKEv2, see ExpiryRekey. You might want to disable the latter via reauth=no.

Ok so "initiator did not reauthenticate as requested" is not a problem. I disabled rekey to avoid our peer init the rekey phase.
I renabled it now with forceencaps.

#3 Updated by Tobias Brunner over 1 year ago

Does that imply that it works if the other end initiates the tunnel?

Right, it works when the remote peer initiates the tunnel.

What exactly happens? Is a NAT detected in that case? Or does the other box correctly not use UDP encapsulation?

By default, Check Point doesn't enable IKEv2 rekeying ?

Rekeying and reauthentication are not the same thing in IKEv2, see ExpiryRekey. You might want to disable the latter via reauth=no.

Ok so "initiator did not reauthenticate as requested" is not a problem.

Depends on your goal. Read the page I linked for details.

#4 Updated by Tobias Brunner about 1 month ago

  • Category set to interoperability
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No feedback

Also available in: Atom PDF